Wrong calculation of interest or a leap year
Summary
Wrong calculation of interest or a leap year
Vulnerability Details
The code is using a constant value of 365 days to calculate the interest. However, this approach assumes that every year has 365 days, which is not correct since leap years have an extra day (366 days). In a leap year, the interest should be calculated based on 366 days, not 365.
Impact
How this affects the lender:
Let's consider an example where a loan was issued on the last day of a leap year (December 31). The loan term lasts for exactly one year. In a non-leap year, the term would end on December 31 of the following year, which is correct. However, in a leap year, the term would end on December 30 of the following year due to the 366 days, and this would cause the interest to be calculated for one day less than it should be.
The impact might not be significant for short-term loans, but for larger loan amounts and longer-term loans, the difference can be more substantial, leading to incorrect interest calculations and potentially causing financial discrepancies for both the lender and the borrower.
Tools Used
Manual Review
Recommendations
To address this issue, you should modify the code to calculate the number of days accurately based on the actual number of days in the loan term
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.